Sr. Security Engineer, Security Architecture
Job Summary:The Global Information Security (GIS) group provides services and solutions to protect the value and use of Disney’s information through risk evaluation, collaboration, standardization, enforcement, and education across the enterprise. We protect the brand and reputation while enabling and supporting business objectives.
In order to ensure that our services keep TWDC secure, we follow an ongoing, iterative process, including continued reevaluation of our services over time to address emerging threats as well as changes in business and technology.
This process includes:
- Analysis of known and emerging threats to determine risks against TWDC assets
- Creation, maintenance, governance and communication of security policies and standards across TWDC
- Assessment and audit of compliance against the security policies and standards
- Assurance that TWDC assets are effectively managed and monitored to meet TWDC security criteria
Responsibilities:The IT Security Architecture & Engineering team develops and guides technology risk management in collaboration with teams across the company to enable responsive, secure and cost effective solutions.
The Sr. Security Engineer - Architecture is responsible for evaluating a myriad of deployment scenarios (e.g. on-premises, cloud, and hybrid), services, models and technology to ensure they are secure and compliant across the Walt Disney Company (TWDC). This role is highly versatile and technical: heavy network engineering, application security and DevSecOps.
Key responsibilities:
- Provides situation based support, using in-depth knowledge of TWDC technology, to ensure systems are designed in accordance with and are aligned with Company information security policies and standards
- Creates, reviews and presents reports, position papers, assessment recaps to team (peers) and next level of leadership within team
- Executes advanced risk and threat analysis activities, leveraging learnings from external and internal cyber trends and incidents
- Develops and documents technical solutions that meet specifications and impact future developments (position papers, process flows, requirements, data flows, mapping to controls)
- Identifies, selects, develops and documents architecture artifacts (reference architectures, standards, policies, reusable designs, best practices) across data protection topics
- Researches, learns and assesses new technologies
- Leads discussions, assessments, tracking and overall reporting of technology security risks
- Understands business drivers, processes to evaluate risk; recommend solutions
- Assists with the maintenance of metrics and scorecards in support of the information security program
Basic Qualifications:
- 5 years’ experience with 3 or more areas including: public cloud, secure application development, virtual network big data, elastic compute, cloud security
- 1-3 years of practical cloud information security experience
- 5-8 years in IT and/or in this specific role
Preferred Qualifications:
- 7+ years in IT with 4-6 years in an information security role
- Extensive knowledge of information security principles and functions
- Extensive knowledge and experience with diverse IT architectures and enterprise IT data centers, external hosted services and cloud computing environments.
- Knowledge and experience with physical and virtual server configurations and implementations.
Required Education
- BA/BS in Business or Computer Science, or appropriate work experience
- Masters or other advanced degree preferred
- Required - Two or more of the following certifications: CISSP, CCSP, AWS Certified Public Cloud Architect, MCSE Cloud, VMWare VCP6-Cloud, EMCCA (EMC Cloud Architect) or GIAC
Additional Information:DISNEYTECH